/**
 * This file has no copyright assigned and is placed in the Public Domain.
 * This file is part of the mingw-w64 runtime package.
 * No warranty is given; refer to the file DISCLAIMER.PD within this package.
 */
/*
 * Schannel (SSPI security package) declarations: package names, the
 * Schannel-specific context/credential attribute ids and their buffer
 * structs, the SCHANNEL_CRED credential structure with its option flags,
 * and the alert/session control tokens.
 *
 * Field names follow the Windows Hungarian convention used throughout this
 * header: a "cb" prefix is a byte count, "c" an element count, "p" or "pb"
 * a pointer, "dw" a DWORD, "grbit" a bit mask, "ai" an ALG_ID.
 */
#ifndef __SCHANNEL_H__
#define __SCHANNEL_H__

#include <_mingw_unicode.h>
#include <wincrypt.h>

/* SSPI package names, in ANSI (_A) and wide (_W) form. */
#define UNISP_NAME_A "Microsoft Unified Security Protocol Provider"
#define UNISP_NAME_W L"Microsoft Unified Security Protocol Provider"

#define SSL2SP_NAME_A "Microsoft SSL 2.0"
#define SSL2SP_NAME_W L"Microsoft SSL 2.0"

#define SSL3SP_NAME_A "Microsoft SSL 3.0"
#define SSL3SP_NAME_W L"Microsoft SSL 3.0"

#define TLS1SP_NAME_A "Microsoft TLS 1.0"
#define TLS1SP_NAME_W L"Microsoft TLS 1.0"

#define PCT1SP_NAME_A "Microsoft PCT 1.0"
#define PCT1SP_NAME_W L"Microsoft PCT 1.0"

#define SCHANNEL_NAME_A "Schannel"
#define SCHANNEL_NAME_W L"Schannel"

/* Unsuffixed names: __MINGW_NAME_UAW expands to the _A or _W variant
 * (underscore form) depending on whether UNICODE is defined. */
#define UNISP_NAME __MINGW_NAME_UAW(UNISP_NAME)
#define PCT1SP_NAME __MINGW_NAME_UAW(PCT1SP_NAME)
#define SSL2SP_NAME __MINGW_NAME_UAW(SSL2SP_NAME)
#define SSL3SP_NAME __MINGW_NAME_UAW(SSL3SP_NAME)
#define TLS1SP_NAME __MINGW_NAME_UAW(TLS1SP_NAME)
#define SCHANNEL_NAME __MINGW_NAME_UAW(SCHANNEL_NAME)

#define UNISP_RPC_ID 14

/* Schannel-specific attribute ids for the SSPI Query*Attributes calls
 * (0x50..0x5e). The buffer type returned for each is the SecPkgContext_* or
 * SecPkgCred_* struct with the matching name below. */
#define SECPKG_ATTR_ISSUER_LIST 0x50
#define SECPKG_ATTR_REMOTE_CRED 0x51
#define SECPKG_ATTR_LOCAL_CRED 0x52
#define SECPKG_ATTR_REMOTE_CERT_CONTEXT 0x53
#define SECPKG_ATTR_LOCAL_CERT_CONTEXT 0x54
#define SECPKG_ATTR_ROOT_STORE 0x55
#define SECPKG_ATTR_SUPPORTED_ALGS 0x56
#define SECPKG_ATTR_CIPHER_STRENGTHS 0x57
#define SECPKG_ATTR_SUPPORTED_PROTOCOLS 0x58
#define SECPKG_ATTR_ISSUER_LIST_EX 0x59
#define SECPKG_ATTR_CONNECTION_INFO 0x5a
#define SECPKG_ATTR_EAP_KEY_BLOCK 0x5b
#define SECPKG_ATTR_MAPPED_CRED_ATTR 0x5c
#define SECPKG_ATTR_SESSION_INFO 0x5d
#define SECPKG_ATTR_APP_DATA 0x5e

/* SECPKG_ATTR_ISSUER_LIST: cbIssuerList bytes of raw issuer data at
 * pIssuerList. The encoding of that data is not established here; prefer
 * the _EX form below, which yields typed CERT_NAME_BLOBs. */
typedef struct _SecPkgContext_IssuerListInfo {
  DWORD cbIssuerList;
  PBYTE pIssuerList;
} SecPkgContext_IssuerListInfo,*PSecPkgContext_IssuerListInfo;

/* SECPKG_ATTR_REMOTE_CRED: the peer's certificate chain as a blob of
 * cbCertificateChain bytes holding cCertificates certificates. fFlags
 * takes the RCRED_* values; dwBits is presumably the key size in bits
 * (confirm against the SDK). */
typedef struct _SecPkgContext_RemoteCredentialInfo {
  DWORD cbCertificateChain;
  PBYTE pbCertificateChain;
  DWORD cCertificates;
  DWORD fFlags;
  DWORD dwBits;
} SecPkgContext_RemoteCredentialInfo,*PSecPkgContext_RemoteCredentialInfo;

/* Alias under the historical misspelling ("Credenital"); kept so that
 * existing callers using that name still compile. */
typedef SecPkgContext_RemoteCredentialInfo SecPkgContext_RemoteCredenitalInfo,*PSecPkgContext_RemoteCredenitalInfo;

/* fFlags values for SecPkgContext_RemoteCredentialInfo. UNKNOWN_ISSUER
 * indicates, by its name, that the peer chain did not end in a trusted
 * issuer — a caller doing its own validation must treat it as a failure. */
#define RCRED_STATUS_NOCRED 0x00000000
#define RCRED_CRED_EXISTS 0x00000001
#define RCRED_STATUS_UNKNOWN_ISSUER 0x00000002

/* SECPKG_ATTR_LOCAL_CRED: same layout as the remote variant, for the
 * credential this side presented; fFlags takes the LCRED_* values. */
typedef struct _SecPkgContext_LocalCredentialInfo {
  DWORD cbCertificateChain;
  PBYTE pbCertificateChain;
  DWORD cCertificates;
  DWORD fFlags;
  DWORD dwBits;
} SecPkgContext_LocalCredentialInfo,*PSecPkgContext_LocalCredentialInfo;

/* Alias under the historical misspelling; see the remote variant. */
typedef SecPkgContext_LocalCredentialInfo SecPkgContext_LocalCredenitalInfo,*PSecPkgContext_LocalCredenitalInfo;

#define LCRED_STATUS_NOCRED 0x00000000
#define LCRED_CRED_EXISTS 0x00000001
#define LCRED_STATUS_UNKNOWN_ISSUER 0x00000002

/* SECPKG_ATTR_SUPPORTED_ALGS: cSupportedAlgs ALG_IDs at palgSupportedAlgs. */
typedef struct _SecPkgCred_SupportedAlgs {
  DWORD cSupportedAlgs;
  ALG_ID *palgSupportedAlgs;
} SecPkgCred_SupportedAlgs,*PSecPkgCred_SupportedAlgs;

/* SECPKG_ATTR_CIPHER_STRENGTHS: min/max cipher strength of the credential,
 * presumably in bits, mirroring the SCHANNEL_CRED fields of the same name. */
typedef struct _SecPkgCred_CipherStrengths {
  DWORD dwMinimumCipherStrength;
  DWORD dwMaximumCipherStrength;
} SecPkgCred_CipherStrengths,*PSecPkgCred_CipherStrengths;

/* SECPKG_ATTR_SUPPORTED_PROTOCOLS: bit mask of SP_PROT_* values. */
typedef struct _SecPkgCred_SupportedProtocols {
  DWORD grbitProtocol;
} SecPkgCred_SupportedProtocols,*PSecPkgCred_SupportedProtocols;

/* SECPKG_ATTR_ISSUER_LIST_EX: cIssuers issuer names as CERT_NAME_BLOBs
 * starting at aIssuers. */
typedef struct _SecPkgContext_IssuerListInfoEx {
  PCERT_NAME_BLOB aIssuers;
  DWORD cIssuers;
} SecPkgContext_IssuerListInfoEx,*PSecPkgContext_IssuerListInfoEx;

/* SECPKG_ATTR_CONNECTION_INFO: negotiated parameters of an established
 * context. dwProtocol is presumably one SP_PROT_* bit; the ai* fields are
 * CAPI ALG_IDs for the bulk cipher, MAC/hash and key exchange, each with a
 * strength that is presumably its key length in bits. Useful for
 * logging/auditing which suite a connection actually negotiated. */
typedef struct _SecPkgContext_ConnectionInfo {
  DWORD dwProtocol;
  ALG_ID aiCipher;
  DWORD dwCipherStrength;
  ALG_ID aiHash;
  DWORD dwHashStrength;
  ALG_ID aiExch;
  DWORD dwExchStrength;
} SecPkgContext_ConnectionInfo,*PSecPkgContext_ConnectionInfo;

/* SECPKG_ATTR_EAP_KEY_BLOCK: keying material exported for EAP (128 bytes
 * of keys, 64 bytes of IVs). NOTE(review): this is secret key material in
 * caller memory — zero it (SecureZeroMemory or equivalent) as soon as it
 * has been consumed and never write it to logs. */
typedef struct _SecPkgContext_EapKeyBlock {
  BYTE rgbKeys[128];
  BYTE rgbIVs[64];
} SecPkgContext_EapKeyBlock,*PSecPkgContext_EapKeyBlock;

/* SECPKG_ATTR_MAPPED_CRED_ATTR: an attribute id plus an opaque buffer whose
 * layout depends on dwAttribute (not established here). */
typedef struct _SecPkgContext_MappedCredAttr {
  DWORD dwAttribute;
  PVOID pvBuffer;
} SecPkgContext_MappedCredAttr,*PSecPkgContext_MappedCredAttr;

/* Presumably a dwFlags bit of SecPkgContext_SessionInfo (session resumed
 * via the cache rather than a full handshake) — confirm against the SDK. */
#define SSL_SESSION_RECONNECT 1

/* SECPKG_ATTR_SESSION_INFO: the session id is the first cbSessionId bytes
 * of rgbSessionId (at most 32). */
typedef struct _SecPkgContext_SessionInfo {
  DWORD dwFlags;
  DWORD cbSessionId;
  BYTE rgbSessionId[32];
} SecPkgContext_SessionInfo,*PSecPkgContext_SessionInfo;

/* SECPKG_ATTR_APP_DATA: cbAppData opaque bytes at pbAppData, associated
 * with the session by the application. */
typedef struct _SecPkgContext_SessionAppData {
  DWORD dwFlags;
  DWORD cbAppData;
  PBYTE pbAppData;
} SecPkgContext_SessionAppData,*PSecPkgContext_SessionAppData;

/* Structure version numbers. SCH_CRED_V1..V3 / SCH_CRED_VERSION presumably
 * belong to the legacy SCH_CRED struct and SCHANNEL_CRED_VERSION (4) to
 * SCHANNEL_CRED.dwVersion — confirm against the SDK. */
#define SCH_CRED_V1 0x00000001
#define SCH_CRED_V2 0x00000002
#define SCH_CRED_VERSION 0x00000002
#define SCH_CRED_V3 0x00000003
#define SCHANNEL_CRED_VERSION 0x00000004

/* Opaque certificate-mapper handle type; only pointers to it appear here. */
struct _HMAPPER;

/*
 * Credential description passed to AcquireCredentialsHandle for the
 * Schannel package.
 *   dwVersion              presumably SCHANNEL_CRED_VERSION
 *   cCreds / paCred        cCreds certificate contexts (with private keys)
 *   hRootStore             store used as the trust root
 *   cMappers / aphMappers  cMappers certificate-mapper handles
 *   cSupportedAlgs /
 *   palgSupportedAlgs      cSupportedAlgs ALG_IDs restricting the suites
 *   grbitEnabledProtocols  SP_PROT_* bit mask
 *   dwMinimum/Maximum-
 *   CipherStrength         presumably bits; 0 for the defaults (confirm)
 *   dwSessionLifespan      cache lifetime, units not established here
 *   dwFlags                SCH_CRED_* option bits below
 *   dwCredFormat           0 or SCH_CRED_FORMAT_CERT_HASH
 * Ownership: the header does not say whether Schannel copies or references
 * the arrays; keep them alive for the credential's lifetime unless the SDK
 * documents otherwise.
 */
typedef struct _SCHANNEL_CRED {
  DWORD dwVersion;
  DWORD cCreds;
  PCCERT_CONTEXT *paCred;
  HCERTSTORE hRootStore;
  DWORD cMappers;
  struct _HMAPPER **aphMappers;
  DWORD cSupportedAlgs;
  ALG_ID *palgSupportedAlgs;
  DWORD grbitEnabledProtocols;
  DWORD dwMinimumCipherStrength;
  DWORD dwMaximumCipherStrength;
  DWORD dwSessionLifespan;
  DWORD dwFlags;
  DWORD dwCredFormat;
} SCHANNEL_CRED,*PSCHANNEL_CRED;

/* dwCredFormat value: paCred points at SCHANNEL_CERT_HASH entries instead
 * of certificate contexts (by name; confirm). */
#define SCH_CRED_FORMAT_CERT_HASH 0x00000001

/* Upper bounds for cSupportedAlgs and cCreds. */
#define SCH_CRED_MAX_SUPPORTED_ALGS 256
#define SCH_CRED_MAX_SUPPORTED_CERTS 100

/* Certificate reference by hash. ShaHash is 20 bytes, consistent with a
 * SHA-1 thumbprint; here it only selects a certificate from a store, it is
 * not a trust decision. dwLength is presumably sizeof the struct and
 * dwFlags may carry SCH_MACHINE_CERT_HASH. */
typedef struct _SCHANNEL_CERT_HASH {
  DWORD dwLength;
  DWORD dwFlags;
  HCRYPTPROV hProv;
  BYTE ShaHash[20];
} SCHANNEL_CERT_HASH,*PSCHANNEL_CERT_HASH;

/* SCHANNEL_CERT_HASH.dwFlags: look the certificate up in the machine store. */
#define SCH_MACHINE_CERT_HASH 0x00000001

/*
 * SCHANNEL_CRED.dwFlags. Several of these relax the validation Schannel
 * performs by default; from a security standpoint the default behaviour is
 * the safe choice and each relaxation should be a deliberate, reviewed
 * decision. Meanings below are as the names indicate — confirm the exact
 * semantics against the platform SDK documentation.
 */
#define SCH_CRED_NO_SYSTEM_MAPPER 0x00000002
/* NOTE(review): by its name this disables checking the peer certificate
 * against the target host name, so any certificate from a trusted issuer
 * would be accepted for any host. Only acceptable in controlled test
 * setups; production code should leave it clear. */
#define SCH_CRED_NO_SERVERNAME_CHECK 0x00000004
/* NOTE(review): MANUAL_CRED_VALIDATION moves peer certificate validation
 * to the application. A caller that sets it must validate the chain it
 * obtains via SECPKG_ATTR_REMOTE_CERT_CONTEXT itself (chain, name, time,
 * revocation); otherwise the peer is effectively unauthenticated.
 * AUTO_CRED_VALIDATION requests the opposite. */
#define SCH_CRED_MANUAL_CRED_VALIDATION 0x00000008
/* NO_DEFAULT_CREDS / USE_DEFAULT_CREDS: whether a client with no explicit
 * certificate may fall back to a default one when the server asks. */
#define SCH_CRED_NO_DEFAULT_CREDS 0x00000010
#define SCH_CRED_AUTO_CRED_VALIDATION 0x00000020
#define SCH_CRED_USE_DEFAULT_CREDS 0x00000040
#define SCH_CRED_DISABLE_RECONNECTS 0x00000080

/* Revocation checking. The REVOCATION_CHECK_* flags request checking of
 * the end certificate, the whole chain, or the chain minus the root. The
 * IGNORE_* flags, by their names, accept a chain when no revocation
 * information is available or the responder is offline (fail-open); they
 * weaken the check and their use should be visible in logs. Bit 0x2000 is
 * not assigned in this header. */
#define SCH_CRED_REVOCATION_CHECK_END_CERT 0x00000100
#define SCH_CRED_REVOCATION_CHECK_CHAIN 0x00000200
#define SCH_CRED_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x00000400
#define SCH_CRED_IGNORE_NO_REVOCATION_CHECK 0x00000800
#define SCH_CRED_IGNORE_REVOCATION_OFFLINE 0x00001000
#define SCH_CRED_REVOCATION_CHECK_CACHE_ONLY 0x00004000

/* Restrict chain-building URL retrieval (AIA/CRL fetches) to the local
 * cache — no network access during validation (by name; confirm). */
#define SCH_CRED_CACHE_ONLY_URL_RETRIEVAL 0x00008000

/* dwTokenType values for the control tokens applied to a context via
 * ApplyControlToken: SCHANNEL_ALERT goes with SCHANNEL_ALERT_TOKEN and
 * SCHANNEL_SESSION with SCHANNEL_SESSION_TOKEN (pairing by name). */
#define SCHANNEL_RENEGOTIATE 0
#define SCHANNEL_SHUTDOWN 1
#define SCHANNEL_ALERT 2
#define SCHANNEL_SESSION 3

/* Request that a TLS alert be sent: dwTokenType = SCHANNEL_ALERT,
 * dwAlertType = TLS1_ALERT_WARNING or TLS1_ALERT_FATAL, dwAlertNumber = a
 * TLS1_ALERT_* description code. */
typedef struct _SCHANNEL_ALERT_TOKEN {
  DWORD dwTokenType;
  DWORD dwAlertType;
  DWORD dwAlertNumber;
} SCHANNEL_ALERT_TOKEN;

/* Alert levels; the values match the TLS AlertLevel enum (RFC 2246 7.2). */
#define TLS1_ALERT_WARNING 1
#define TLS1_ALERT_FATAL 2

/* Alert descriptions; the values match the TLS AlertDescription enum
 * (RFC 2246 7.2). The spellings INSUFFIENT and RENEGOTIATATION are
 * preserved as-is: renaming the macros would break existing callers. */
#define TLS1_ALERT_CLOSE_NOTIFY 0
#define TLS1_ALERT_UNEXPECTED_MESSAGE 10
#define TLS1_ALERT_BAD_RECORD_MAC 20
#define TLS1_ALERT_DECRYPTION_FAILED 21
#define TLS1_ALERT_RECORD_OVERFLOW 22
#define TLS1_ALERT_DECOMPRESSION_FAIL 30
#define TLS1_ALERT_HANDSHAKE_FAILURE 40
#define TLS1_ALERT_BAD_CERTIFICATE 42
#define TLS1_ALERT_UNSUPPORTED_CERT 43
#define TLS1_ALERT_CERTIFICATE_REVOKED 44
#define TLS1_ALERT_CERTIFICATE_EXPIRED 45
#define TLS1_ALERT_CERTIFICATE_UNKNOWN 46
#define TLS1_ALERT_ILLEGAL_PARAMETER 47
#define TLS1_ALERT_UNKNOWN_CA 48
#define TLS1_ALERT_ACCESS_DENIED 49
#define TLS1_ALERT_DECODE_ERROR 50
#define TLS1_ALERT_DECRYPT_ERROR 51
#define TLS1_ALERT_EXPORT_RESTRICTION 60
#define TLS1_ALERT_PROTOCOL_VERSION 70
#define TLS1_ALERT_INSUFFIENT_SECURITY 71
#define TLS1_ALERT_INTERNAL_ERROR 80
#define TLS1_ALERT_USER_CANCELED 90
#define TLS1_ALERT_NO_RENEGOTIATATION 100

/* dwFlags values for SCHANNEL_SESSION_TOKEN: allow or forbid resuming
 * this session from the cache. */
#define SSL_SESSION_ENABLE_RECONNECTS 1
#define SSL_SESSION_DISABLE_RECONNECTS 2

/* Session control token: dwTokenType = SCHANNEL_SESSION, dwFlags =
 * SSL_SESSION_ENABLE_RECONNECTS or SSL_SESSION_DISABLE_RECONNECTS. */
typedef struct _SCHANNEL_SESSION_TOKEN {
  DWORD dwTokenType;
  DWORD dwFlags;
} SCHANNEL_SESSION_TOKEN;

/* Certificate-context property ids reserved for Schannel/IIS, allocated
 * from the user range defined in wincrypt.h. NOTE(review): the names
 * indicate that a private key and a password may be stored as certificate
 * properties; anything reading them handles secret material and should
 * zero its copies after use. */
#define CERT_SCHANNEL_IIS_PRIVATE_KEY_PROP_ID (CERT_FIRST_USER_PROP_ID + 0)
#define CERT_SCHANNEL_IIS_PASSWORD_PROP_ID (CERT_FIRST_USER_PROP_ID + 1)
#define CERT_SCHANNEL_SGC_CERTIFICATE_PROP_ID (CERT_FIRST_USER_PROP_ID + 2)

/*
 * Protocol bits for SCHANNEL_CRED.grbitEnabledProtocols and the
 * grbitProtocol / dwProtocol query results. Each protocol has a separate
 * server-side and client-side bit; the unsuffixed macro is both.
 * NOTE(review): PCT 1.0, SSL 2.0 and SSL 3.0 are obsolete protocols with
 * known weaknesses. New code should enable only the TLS bits explicitly and
 * avoid SP_PROT_ALL / SP_PROT_CLIENTS / SP_PROT_SERVERS, which turn the
 * legacy protocols on as well.
 */
#define SP_PROT_PCT1_SERVER 0x00000001
#define SP_PROT_PCT1_CLIENT 0x00000002
#define SP_PROT_PCT1 (SP_PROT_PCT1_SERVER | SP_PROT_PCT1_CLIENT)

#define SP_PROT_SSL2_SERVER 0x00000004
#define SP_PROT_SSL2_CLIENT 0x00000008
#define SP_PROT_SSL2 (SP_PROT_SSL2_SERVER | SP_PROT_SSL2_CLIENT)

#define SP_PROT_SSL3_SERVER 0x00000010
#define SP_PROT_SSL3_CLIENT 0x00000020
#define SP_PROT_SSL3 (SP_PROT_SSL3_SERVER | SP_PROT_SSL3_CLIENT)

#define SP_PROT_TLS1_SERVER 0x00000040
#define SP_PROT_TLS1_CLIENT 0x00000080
#define SP_PROT_TLS1 (SP_PROT_TLS1_SERVER | SP_PROT_TLS1_CLIENT)

#define SP_PROT_SSL3TLS1_CLIENTS (SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT)
#define SP_PROT_SSL3TLS1_SERVERS (SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER)
#define SP_PROT_SSL3TLS1 (SP_PROT_SSL3 | SP_PROT_TLS1)

/* "Unified" provider bits. 0x80000000 does not fit in a signed int, so
 * the literal has type unsigned int and arithmetic mixing it with signed
 * values is promoted to unsigned. */
#define SP_PROT_UNI_SERVER 0x40000000
#define SP_PROT_UNI_CLIENT 0x80000000
#define SP_PROT_UNI (SP_PROT_UNI_SERVER | SP_PROT_UNI_CLIENT)

/* SP_PROT_ALL sets every bit, including the legacy protocols above. */
#define SP_PROT_ALL 0xffffffff
#define SP_PROT_NONE 0
#define SP_PROT_CLIENTS (SP_PROT_PCT1_CLIENT | SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_UNI_CLIENT | SP_PROT_TLS1_CLIENT)
#define SP_PROT_SERVERS (SP_PROT_PCT1_SERVER | SP_PROT_SSL2_SERVER | SP_PROT_SSL3_SERVER | SP_PROT_UNI_SERVER | SP_PROT_TLS1_SERVER)

/*
 * SslEmptyCacheA/W: flush Schannel's session cache entries for
 * pszTargetName; the behaviour for a NULL name and the meaning of dwFlags
 * are not defined in this header — consult the SDK. Returns a WINBOOL
 * success flag. NOTE(review): these prototypes and the SSL_EMPTY_CACHE_FN_*
 * pointer types carry no WINAPI, unlike SslGetMaximumKeySize and the
 * SSL_*_FN typedefs further down; on 32-bit x86 that selects the cdecl
 * convention, so confirm against the upstream SDK before taking their
 * address or casting a GetProcAddress result to these types.
 */
typedef WINBOOL (*SSL_EMPTY_CACHE_FN_A)(LPSTR pszTargetName,DWORD dwFlags);

WINBOOL SslEmptyCacheA(LPSTR pszTargetName,DWORD dwFlags);

typedef WINBOOL (*SSL_EMPTY_CACHE_FN_W)(LPWSTR pszTargetName,DWORD dwFlags);

WINBOOL SslEmptyCacheW(LPWSTR pszTargetName,DWORD dwFlags);

/* Generic names. __MINGW_NAME_UAW inserts an underscore before the A/W
 * suffix (SSL_EMPTY_CACHE_FN_A); __MINGW_NAME_AW does not (SslEmptyCacheA). */
#define SSL_EMPTY_CACHE_FN __MINGW_NAME_UAW(SSL_EMPTY_CACHE_FN)
#define SslEmptyCache __MINGW_NAME_AW(SslEmptyCache)

/*
 * Legacy credential: a private-key blob (cbPrivateKey bytes at
 * pPrivateKey), a certificate blob (cbCertificate bytes at pCertificate)
 * and the password protecting the key, all in caller memory.
 * NOTE(review): pPrivateKey and pszPassword hold secrets in plain form.
 * The owner should zero both (SecureZeroMemory or equivalent) once the
 * credential has been acquired and must never log them. Whether the callee
 * copies or retains these buffers is not stated here — confirm against the
 * SDK before freeing them.
 */
typedef struct _SSL_CREDENTIAL_CERTIFICATE {
  DWORD cbPrivateKey;
  PBYTE pPrivateKey;
  DWORD cbCertificate;
  PBYTE pCertificate;
  PSTR pszPassword;
} SSL_CREDENTIAL_CERTIFICATE,*PSSL_CREDENTIAL_CERTIFICATE;

/* dwType discriminators for the legacy SCH_CRED secret/public entries:
 * SCHANNEL_SECRET_* presumably tag the SCH_CRED_SECRET_* structs and
 * SCH_CRED_X509_* / SCH_CRED_CERT_CONTEXT the SCH_CRED_PUBLIC_* structs
 * (pairing by name — confirm). */
#define SCHANNEL_SECRET_TYPE_CAPI 0x00000001
#define SCHANNEL_SECRET_PRIVKEY 0x00000002
#define SCH_CRED_X509_CERTCHAIN 0x00000001
#define SCH_CRED_X509_CAPI 0x00000002
#define SCH_CRED_CERT_CONTEXT 0x00000003

/* Repeated forward declaration of the mapper handle type (already
 * declared before SCHANNEL_CRED); harmless in C. */
struct _HMAPPER;
/* Legacy (pre-SCHANNEL_CRED) credential: cCreds parallel entries in
 * paSecret (SCH_CRED_SECRET_*) and paPublic (SCH_CRED_PUBLIC_*), each
 * starting with a dwType discriminator, plus cMappers mapper handles.
 * dwVersion presumably takes SCH_CRED_V1..V3. */
typedef struct _SCH_CRED {
  DWORD dwVersion;
  DWORD cCreds;
  PVOID *paSecret;
  PVOID *paPublic;
  DWORD cMappers;
  struct _HMAPPER **aphMappers;
} SCH_CRED,*PSCH_CRED;

/* Secret held in a CAPI provider context (dwType presumably
 * SCHANNEL_SECRET_TYPE_CAPI); the key never leaves the provider. */
typedef struct _SCH_CRED_SECRET_CAPI {
  DWORD dwType;
  HCRYPTPROV hProv;
} SCH_CRED_SECRET_CAPI,*PSCH_CRED_SECRET_CAPI;

/* Secret given as a raw private-key blob plus password (dwType presumably
 * SCHANNEL_SECRET_PRIVKEY). NOTE(review): same plaintext-secret handling
 * as SSL_CREDENTIAL_CERTIFICATE applies — zero after use, never log. */
typedef struct _SCH_CRED_SECRET_PRIVKEY {
  DWORD dwType;
  PBYTE pPrivateKey;
  DWORD cbPrivateKey;
  PSTR pszPassword;
} SCH_CRED_SECRET_PRIVKEY,*PSCH_CRED_SECRET_PRIVKEY;

/* Public part as an encoded chain: cbCertChain bytes at pCertChain
 * (dwType presumably SCH_CRED_X509_CERTCHAIN). */
typedef struct _SCH_CRED_PUBLIC_CERTCHAIN {
  DWORD dwType;
  DWORD cbCertChain;
  PBYTE pCertChain;
} SCH_CRED_PUBLIC_CERTCHAIN,*PSCH_CRED_PUBLIC_CERTCHAIN;

/* Public part held in a CAPI provider (dwType presumably SCH_CRED_X509_CAPI). */
typedef struct _SCH_CRED_PUBLIC_CAPI {
  DWORD dwType;
  HCRYPTPROV hProv;
} SCH_CRED_PUBLIC_CAPI,*PSCH_CRED_PUBLIC_CAPI;

/* Public key as parsed by SslCrackCertificate. pKey[1] is the pre-C99
 * idiom for a trailing variable-length array: the real key is presumably
 * cbKey bytes, so the object must have been allocated with that much
 * trailing space and indexing past element 0 relies on it. Bound every
 * read by cbKey, not by sizeof. */
typedef struct _PctPublicKey {
  DWORD Type;
  DWORD cbKey;
  UCHAR pKey[1];
} PctPublicKey;

/*
 * Parsed certificate produced by SslCrackCertificate and released with
 * SslFreeCertificate (pairing by name and by the pointer types below).
 * SerialNumber is four DWORDs (16 bytes); X.509 serial numbers may be up
 * to 20 octets (RFC 5280), so callers must not assume every certificate's
 * serial fits — confirm how longer serials are handled. ValidFrom /
 * ValidUntil are FILETIMEs; pszIssuer and pszSubject are callee-owned
 * strings (freed by SslFreeCertificate, presumably).
 */
typedef struct _X509Certificate {
  DWORD Version;
  DWORD SerialNumber[4];
  ALG_ID SignatureAlgorithm;
  FILETIME ValidFrom;
  FILETIME ValidUntil;
  PSTR pszIssuer;
  PSTR pszSubject;
  PctPublicKey *pPublicKey;
} X509Certificate,*PX509Certificate;

/*
 * Legacy helper entry points.
 *   SslGenerateKeyPair    fills pCerts with a new key pair and certificate
 *                         for subject pszDN, key protected by pszPassword,
 *                         Bits presumably the key length; returns a WINBOOL.
 *   SslGenerateRandomBits writes cRandomData bytes to pRandomData. The
 *                         count is a signed LONG; callers must not pass a
 *                         negative value.
 *   SslCrackCertificate   parses cbCertificate bytes at pbCertificate into
 *                         an X509Certificate returned through
 *                         ppCertificate; release it with SslFreeCertificate.
 *                         NOTE(review): this prototype takes DWORD dwFlags
 *                         and has no WINAPI, while the
 *                         SSL_CRACK_CERTIFICATE_FN pointer type below takes
 *                         WINBOOL VerifySignature and is WINAPI — the two
 *                         disagree; check the upstream SDK before relying
 *                         on either, and treat a cracked certificate as
 *                         unverified unless signature verification was
 *                         explicitly requested and succeeded.
 *   SslGetMaximumKeySize  Reserved is unused; presumably pass 0.
 *   SslGetDefaultIssuers  pcbIssuers is presumably in/out (buffer size in,
 *                         bytes needed or written out), the usual Win32
 *                         pattern — confirm against the SDK.
 */
WINBOOL SslGenerateKeyPair(PSSL_CREDENTIAL_CERTIFICATE pCerts,PSTR pszDN,PSTR pszPassword,DWORD Bits);
VOID SslGenerateRandomBits(PUCHAR pRandomData,LONG cRandomData);
WINBOOL SslCrackCertificate(PUCHAR pbCertificate,DWORD cbCertificate,DWORD dwFlags,PX509Certificate *ppCertificate);
VOID SslFreeCertificate(PX509Certificate pCertificate);
DWORD WINAPI SslGetMaximumKeySize(DWORD Reserved);
WINBOOL SslGetDefaultIssuers(PBYTE pbIssuers,DWORD *pcbIssuers);

/* Export names for dynamic lookup (GetProcAddress) of the two functions
 * typed by the SSL_*_FN pointer types below. */
#define SSL_CRACK_CERTIFICATE_NAME TEXT("SslCrackCertificate")
#define SSL_FREE_CERTIFICATE_NAME TEXT("SslFreeCertificate")

/* Function-pointer types for the dynamically resolved entry points. Note
 * the third parameter (WINBOOL VerifySignature) and WINAPI convention,
 * which differ from the direct SslCrackCertificate prototype above. */
typedef WINBOOL (WINAPI *SSL_CRACK_CERTIFICATE_FN)(PUCHAR pbCertificate,DWORD cbCertificate,WINBOOL VerifySignature,PX509Certificate *ppCertificate);
typedef VOID (WINAPI *SSL_FREE_CERTIFICATE_FN)(PX509Certificate pCertificate);

#if (_WIN32_WINNT >= 0x0600)
/* Vista and later: EAP PRF selection info. cbPrfData presumably sizes
 * PRF data that follows the struct — not established here. */
typedef struct _SecPkgContext_EapPrfInfo {
  DWORD dwVersion;
  DWORD cbPrfData;
} SecPkgContext_EapPrfInfo, *PSecPkgContext_EapPrfInfo;
#endif /*(_WIN32_WINNT >= 0x0600)*/
#if (_WIN32_WINNT >= 0x0601)
/* Windows 7 and later: cSignatureAndHashAlgorithms WORDs, presumably one
 * packed TLS 1.2 SignatureAndHashAlgorithm pair per WORD — confirm the
 * byte order against the SDK before decoding. */
typedef struct _SecPkgContext_SupportedSignatures {
  WORD cSignatureAndHashAlgorithms;
  WORD *pSignatureAndHashAlgorithms;
} SecPkgContext_SupportedSignatures, *PSecPkgContext_SupportedSignatures;
#endif /*(_WIN32_WINNT >= 0x0601)*/
#endif